Submission Details
Severity:
The `OneShot::mintRapper` function does not adhere to the CEI (Checks-Effects-Interactions) pattern.
Description: The mintRapper function updates contract state after calling the safeMint function, potentially exposing the function to a reentrancy attack.
function mintRapper() public {
uint256 tokenId = _nextTokenId++;
_safeMint(msg.sender, tokenId);
@> rapperStats[tokenId] =
RapperStats({weakKnees: true, heavyArms: true, spaghettiSweater: true, calmAndReady: false, battlesWon: 0});
}
Impact: The impact of this vulnerability is currently low due to the absence of any funds at risk in this specific function. However, it can introduce unpredictability and potential security risks.
Recommended Mitigation: Refactor the OneShot::mintRapper to follow the CEI pattern, placing the state change before the external call for security and predictability.
function mintRapper() public {
uint256 tokenId = _nextTokenId++;
+ rapperStats[tokenId] = RapperStats({weakKnees: true, heavyArms: true, spaghettiSweater: true,calmAndReady: false, battlesWon: 0});
_safeMint(msg.sender, tokenId);
- rapperStats[tokenId] = RapperStats({weakKnees: true, heavyArms: true, spaghettiSweater: true, calmAndReady: false, battlesWon: 0});
}
Updates
Lead Judging Commences
inallhonesty
over 1 year ago
inallhonesty over 1 year ago
Submission Judgement Published Assigned finding tags:
mintRapper reentrancy leads to fighting having better chances of winning.
Rewards breakdown
nSLOC
201This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.